3. HBase

To enable the Ranger HBase plugin, perform the steps described below.

  1. Navigate to the HBase service.

  2. Click on the Config tab and navigate to advanced ranger-hbase-plugin-properties. Refer to the Ranger HBase Properties table for information on modifying these properties.

  3. Make sure to select the Enable Ranger for HBase checkbox.

  4. When you select the checkbox, a warning dialog popup will be opened.

  5. Click on the Apply button to save the changes.

  6. Ambari will display a Restart indicator. Restart the Ranger HBase component.

     

    Table 4.3. Ranger HBase Properties

    Configuration Property NameDescriptionDefault ValueExample ValueRequired
    Enable Ranger for HBASEFlag used to enable/disable HBase functionality for Ranger.FALSE Yes
    Audit to HDFSFlag used to enable/disable HBase audit logging. If HBase audit logging is turned off, it will not log any access control to HBase.FALSE Yes
    Audit to DBFlag to enable/disable database audit logging. If the database audit logging is turned off, it will not log any access control to the database.   
    Policy User for HBASE    
    Ranger repository config password    
    Ranger repository config user    
    Should HBase GRANT/REVOKE update XA policies?Checbox that provides the ability for the XA Agent to update the policies based on the grant/revoke commands from the HBase client.TRUETRUEYes

    common.name.

    for.certificate

        

    SSL_KEYSTORE_

    FILE_PATH

    Java Keystore path where the SSL key for the plugin is stored. This is only used if SSL is enabled between the Policy Admin Tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not used./etc/hbase/conf/ranger-plugin-truststore.jks/etc/hbase/conf/ranger-plugin-truststore.jksYes, if SSL is enabled

    SSL_KEYSTORE_

    PASSWORD

    Password associated with the SSL Keystore. This is only used if SSL is enabled between the Policy Admin Tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY if SSL is not enabled.myKeyFilePasswordMyKeyFilePasswordYes, if SSL is enabled

    SSL_KEYSTORE_

    FILE_PATH

    Java Keystore path where the trsuted certificates are stored for verifying SSL connection to the Policy Admin Tool. This is used only if SSL is enabled between the Policy Admin Tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY./etc/hbase/conf/ranger-plugin-truststore.jks/etc/hbase/conf/ranger-plugin-truststore.jksYes, if SSL is enabled

    SSL_TRUSTSTORE_

    PASSWORD

    Password associated with the Truststore file. This is used only if SSL is enabled between the Policy Admin tool and plugin. If SSL is not enabled, leave the default value as is - do not set as EMPTY.changeitchangeitYes, if SSL is enabled.